Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winlive' = '<SYSTEM32>\winlive.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\winlive.exe' = '<Current directory>\winlive.exe:*:Enabled:Win Live'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- %WINDIR%\dir\CRNJEUFU.txt
- <SYSTEM32>\winlive.exe
- %WINDIR%\dir\CRNJEUFU.txt
- 'ft#.##terfree.it':21
- DNS ASK ft#.##terfree.it